package grails.plugin.springsecurity;

import grails.plugin.springsecurity.web.SecurityRequestHolder;
import grails.plugin.springsecurity.web.filter.DebugFilter;
import grails.util.Environment;
import groovy.lang.Closure;
import groovy.lang.GroovyClassLoader;
import groovy.util.ConfigObject;
import groovy.util.ConfigSlurper;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.SortedMap;
import java.util.TreeMap;
import javax.servlet.Filter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringEscapeUtils;
import org.codehaus.groovy.grails.commons.GrailsApplication;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserCache;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.authentication.switchuser.SwitchUserFilter;
import org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.StringUtils;
import org.springframework.web.multipart.MultipartHttpServletRequest;

/* loaded from: input_file:embedded.war:WEB-INF/classes/grails/plugin/springsecurity/SpringSecurityUtils.class */
public final class SpringSecurityUtils {
    private static ConfigObject _securityConfig;
    private static GrailsApplication application;
    public static final String SAVED_REQUEST = "SPRING_SECURITY_SAVED_REQUEST";
    public static final String SPRING_SECURITY_LAST_USERNAME_KEY = "SPRING_SECURITY_LAST_USERNAME";
    public static final String DEFAULT_TARGET_PARAMETER = "spring-security-redirect";
    public static final String AJAX_HEADER = "X-Requested-With";
    public static final String NO_ROLE = "ROLE_NO_ROLES";
    private static final Logger LOG = LoggerFactory.getLogger(SpringSecurityUtils.class);
    private static List<String> providerNames = new ArrayList();
    private static List<String> logoutHandlerNames = new ArrayList();
    private static List<String> voterNames = new ArrayList();
    private static List<String> afterInvocationManagerProviderNames = new ArrayList();
    private static Map<Integer, String> orderedFilters = new HashMap();
    private static SortedMap<Integer, Filter> configuredOrderedFilters = new TreeMap();

    private SpringSecurityUtils() {
    }

    public static void setApplication(GrailsApplication grailsApplication) {
        application = grailsApplication;
        initializeContext();
    }

    public static Set<String> authoritiesToRoles(Object obj) {
        HashSet hashSet = new HashSet();
        for (Object obj2 : ReflectionUtils.asList(obj)) {
            String authority = ((GrantedAuthority) obj2).getAuthority();
            if (null == authority) {
                throw new IllegalArgumentException("Cannot process GrantedAuthority objects which return null from getAuthority() - attempting to process " + obj2);
            }
            hashSet.add(authority);
        }
        return hashSet;
    }

    public static Collection<GrantedAuthority> getPrincipalAuthorities() {
        Collection<? extends GrantedAuthority> authorities;
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication != null && (authorities = authentication.getAuthorities()) != null) {
            ArrayList arrayList = new ArrayList(authorities);
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                if (NO_ROLE.equals(((GrantedAuthority) it.next()).getAuthority())) {
                    it.remove();
                }
            }
            return arrayList;
        }
        return Collections.emptyList();
    }

    public static List<GrantedAuthority> parseAuthoritiesString(String str) {
        ArrayList arrayList = new ArrayList();
        for (String str2 : StringUtils.commaDelimitedListToStringArray(str)) {
            String trim = str2.trim();
            if (trim.length() > 0) {
                arrayList.add(new SimpleGrantedAuthority(trim));
            }
        }
        return arrayList;
    }

    public static Set<String> retainAll(Object obj, Object obj2) {
        Set<String> authoritiesToRoles = authoritiesToRoles(obj);
        authoritiesToRoles.retainAll(authoritiesToRoles(obj2));
        return authoritiesToRoles;
    }

    public static boolean ifAllGranted(String str) {
        return ifAllGranted(parseAuthoritiesString(str));
    }

    public static boolean ifAllGranted(Collection<? extends GrantedAuthority> collection) {
        return authoritiesToRoles(findInferredAuthorities(getPrincipalAuthorities())).containsAll(authoritiesToRoles(collection));
    }

    public static boolean ifNotGranted(String str) {
        return ifNotGranted(parseAuthoritiesString(str));
    }

    public static boolean ifNotGranted(Collection<? extends GrantedAuthority> collection) {
        return retainAll(findInferredAuthorities(getPrincipalAuthorities()), collection).isEmpty();
    }

    public static boolean ifAnyGranted(String str) {
        return ifAnyGranted(parseAuthoritiesString(str));
    }

    public static boolean ifAnyGranted(Collection<? extends GrantedAuthority> collection) {
        return !retainAll(findInferredAuthorities(getPrincipalAuthorities()), collection).isEmpty();
    }

    public static synchronized ConfigObject getSecurityConfig() {
        if (_securityConfig == null) {
            LOG.trace("Building security config since there is no cached config");
            reloadSecurityConfig();
        }
        return _securityConfig;
    }

    public static void setSecurityConfig(ConfigObject configObject) {
        _securityConfig = configObject;
    }

    public static synchronized void resetSecurityConfig() {
        _securityConfig = null;
        LOG.trace("reset security config");
    }

    public static synchronized void loadSecondaryConfig(String str) {
        mergeConfig(getSecurityConfig(), str);
        LOG.trace("loaded secondary config {}", str);
    }

    public static void reloadSecurityConfig() {
        mergeConfig(ReflectionUtils.getSecurityConfig(), "DefaultSecurityConfig");
        LOG.trace("reloaded security config");
    }

    public static boolean isAjax(HttpServletRequest httpServletRequest) {
        SavedRequest savedRequest;
        String str = (String) ReflectionUtils.getConfigProperty("ajaxHeader");
        if ("XMLHttpRequest".equals(httpServletRequest.getHeader(str))) {
            return true;
        }
        Object configProperty = ReflectionUtils.getConfigProperty("ajaxCheckClosure");
        if (configProperty instanceof Closure) {
            Object call = ((Closure) configProperty).call(httpServletRequest);
            if ((call instanceof Boolean) && ((Boolean) call).booleanValue()) {
                return true;
            }
        }
        if ("true".equals(httpServletRequest.getParameter("ajax"))) {
            return true;
        }
        MultipartHttpServletRequest multipartHttpServletRequest = (MultipartHttpServletRequest) httpServletRequest.getAttribute("org.springframework.web.multipart.MultipartHttpServletRequest");
        if (multipartHttpServletRequest != null && "true".equals(multipartHttpServletRequest.getParameter("ajax"))) {
            return true;
        }
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null || (savedRequest = (SavedRequest) session.getAttribute(SAVED_REQUEST)) == null) {
            return false;
        }
        return savedRequest.getHeaderValues(str).contains("XMLHttpRequest");
    }

    public static void registerProvider(String str) {
        providerNames.add(0, str);
        LOG.trace("Registered bean '{}' as a provider", str);
    }

    public static List<String> getProviderNames() {
        return providerNames;
    }

    public static void registerLogoutHandler(String str) {
        logoutHandlerNames.add(0, str);
        LOG.trace("Registered bean '{}' as a logout handler", str);
    }

    public static List<String> getLogoutHandlerNames() {
        return logoutHandlerNames;
    }

    public static void registerAfterInvocationProvider(String str) {
        afterInvocationManagerProviderNames.add(0, str);
        LOG.trace("Registered bean '{}' as an AfterInvocationProvider", str);
    }

    public static List<String> getAfterInvocationManagerProviderNames() {
        return afterInvocationManagerProviderNames;
    }

    public static void registerVoter(String str) {
        voterNames.add(0, str);
        LOG.trace("Registered bean '{}' as a voter", str);
    }

    public static List<String> getVoterNames() {
        return voterNames;
    }

    public static void registerFilter(String str, SecurityFilterPosition securityFilterPosition) {
        registerFilter(str, securityFilterPosition.getOrder());
    }

    public static void registerFilter(String str, int i) {
        String str2 = getOrderedFilters().get(Integer.valueOf(i));
        if (str2 != null) {
            throw new IllegalArgumentException("Cannot register filter '" + str + "' at position " + i + "; '" + str2 + "' is already registered in that position");
        }
        getOrderedFilters().put(Integer.valueOf(i), str);
        LOG.trace("Registered bean '{}' as a filter at order {}", str, Integer.valueOf(i));
    }

    public static Map<Integer, String> getOrderedFilters() {
        return orderedFilters;
    }

    public static void clientRegisterFilter(String str, SecurityFilterPosition securityFilterPosition) {
        clientRegisterFilter(str, securityFilterPosition.getOrder());
    }

    public static void clientRegisterFilter(String str, int i) {
        SortedMap<Integer, Filter> configuredOrderedFilters2 = getConfiguredOrderedFilters();
        Filter filter = configuredOrderedFilters2.get(Integer.valueOf(i));
        if (filter != null) {
            throw new IllegalArgumentException("Cannot register filter '" + str + "' at position " + i + "; '" + filter + "' is already registered in that position");
        }
        Filter filter2 = (Filter) getBean(str);
        configuredOrderedFilters2.put(Integer.valueOf(i), filter2);
        FilterChainProxy filterChainProxy = getFilterChainProxy();
        Map<RequestMatcher, List<Filter>> mergeFilterChainMap = mergeFilterChainMap(configuredOrderedFilters2, filter2, i, filterChainProxy.getFilterChainMap());
        filterChainProxy.setFilterChainMap(mergeFilterChainMap);
        LOG.trace("Client registered bean '{}' as a filter at order {}", str, Integer.valueOf(i));
        LOG.trace("Updated filter chain: {}", mergeFilterChainMap);
    }

    private static FilterChainProxy getFilterChainProxy() {
        Object bean = getBean("springSecurityFilterChain");
        return bean instanceof DebugFilter ? ((DebugFilter) bean).getFilterChainProxy() : (FilterChainProxy) bean;
    }

    private static Map<RequestMatcher, List<Filter>> mergeFilterChainMap(Map<Integer, Filter> map, Filter filter, int i, Map<RequestMatcher, List<Filter>> map2) {
        HashMap hashMap = new HashMap();
        for (Map.Entry<Integer, Filter> entry : map.entrySet()) {
            hashMap.put(entry.getValue(), entry.getKey());
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (Map.Entry<RequestMatcher, List<Filter>> entry2 : map2.entrySet()) {
            ArrayList arrayList = new ArrayList(entry2.getValue());
            int i2 = 0;
            while (i2 < arrayList.size() && ((Integer) hashMap.get(arrayList.get(i2))).intValue() < i) {
                i2++;
            }
            arrayList.add(i2, filter);
            linkedHashMap.put(entry2.getKey(), arrayList);
        }
        return linkedHashMap;
    }

    public static SortedMap<Integer, Filter> getConfiguredOrderedFilters() {
        return configuredOrderedFilters;
    }

    public static boolean isSwitched() {
        for (GrantedAuthority grantedAuthority : findInferredAuthorities(getPrincipalAuthorities())) {
            if ((grantedAuthority instanceof SwitchUserGrantedAuthority) || SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR.equals(grantedAuthority.getAuthority())) {
                return true;
            }
        }
        return false;
    }

    public static String getSwitchedUserOriginalUsername() {
        if (!isSwitched()) {
            return null;
        }
        for (GrantedAuthority grantedAuthority : SecurityContextHolder.getContext().getAuthentication().getAuthorities()) {
            if (grantedAuthority instanceof SwitchUserGrantedAuthority) {
                return ((SwitchUserGrantedAuthority) grantedAuthority).getSource().getName();
            }
        }
        return null;
    }

    public static String getSecurityConfigType() {
        return getSecurityConfig().get("securityConfigType").toString();
    }

    public static void reauthenticate(String str, String str2) {
        UserDetailsService userDetailsService = (UserDetailsService) getBean("userDetailsService");
        UserCache userCache = (UserCache) getBean("userCache");
        UserDetails loadUserByUsername = userDetailsService.loadUserByUsername(str);
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(loadUserByUsername, str2 == null ? loadUserByUsername.getPassword() : str2, loadUserByUsername.getAuthorities()));
        userCache.removeUserFromCache(str);
    }

    public static Object doWithAuth(Closure closure) {
        HttpSession session;
        SecurityContext securityContext;
        boolean z = false;
        if (SecurityContextHolder.getContext().getAuthentication() == null && SecurityRequestHolder.getRequest() != null && (session = SecurityRequestHolder.getRequest().getSession(false)) != null && (securityContext = (SecurityContext) session.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)) != null) {
            SecurityContextHolder.setContext(securityContext);
            z = true;
        }
        try {
            Object call = closure.call();
            if (z) {
                SecurityContextHolder.clearContext();
            }
            return call;
        } catch (Throwable th) {
            if (z) {
                SecurityContextHolder.clearContext();
            }
            throw th;
        }
    }

    public static Object doWithAuth(String str, Closure closure) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        reauthenticate(str, null);
        try {
            Object call = closure.call();
            if (authentication == null) {
                SecurityContextHolder.clearContext();
            } else {
                SecurityContextHolder.getContext().setAuthentication(authentication);
            }
            return call;
        } catch (Throwable th) {
            if (authentication == null) {
                SecurityContextHolder.clearContext();
            } else {
                SecurityContextHolder.getContext().setAuthentication(authentication);
            }
            throw th;
        }
    }

    public static SecurityContext getSecurityContext(HttpSession httpSession) {
        Object attribute = httpSession.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
        if (attribute instanceof SecurityContext) {
            return (SecurityContext) attribute;
        }
        return null;
    }

    public static Throwable getLastException(HttpSession httpSession) {
        return (Throwable) httpSession.getAttribute("SPRING_SECURITY_LAST_EXCEPTION");
    }

    public static String getLastUsername(HttpSession httpSession) {
        String str = (String) httpSession.getAttribute("SPRING_SECURITY_LAST_USERNAME");
        if (str != null) {
            str = StringEscapeUtils.unescapeHtml(str);
        }
        return str;
    }

    public static SavedRequest getSavedRequest(HttpSession httpSession) {
        return (SavedRequest) httpSession.getAttribute(SAVED_REQUEST);
    }

    private static void mergeConfig(ConfigObject configObject, String str) {
        GroovyClassLoader groovyClassLoader = new GroovyClassLoader(SpringSecurityUtils.class.getClassLoader());
        try {
            _securityConfig = mergeConfig(configObject, (ConfigObject) new ConfigSlurper(Environment.getCurrent().getName()).parse(groovyClassLoader.loadClass(str)).getProperty("security"));
            ReflectionUtils.setSecurityConfig(_securityConfig);
        } catch (ClassNotFoundException e) {
            throw new RuntimeException(e);
        }
    }

    private static ConfigObject mergeConfig(ConfigObject configObject, ConfigObject configObject2) {
        ConfigObject configObject3 = new ConfigObject();
        if (configObject2 == null) {
            if (configObject != null) {
                configObject3.putAll(configObject);
            }
        } else if (configObject == null) {
            configObject3.putAll(configObject2);
        } else {
            configObject3.putAll(configObject2.merge(configObject));
        }
        return configObject3;
    }

    private static Collection<? extends GrantedAuthority> findInferredAuthorities(Collection<GrantedAuthority> collection) {
        Collection<? extends GrantedAuthority> reachableGrantedAuthorities = ((RoleHierarchy) getBean("roleHierarchy")).getReachableGrantedAuthorities(collection);
        return reachableGrantedAuthorities == null ? Collections.emptyList() : reachableGrantedAuthorities;
    }

    private static <T> T getBean(String str) {
        return (T) application.getMainContext().getBean(str);
    }

    private static void initializeContext() {
        voterNames.clear();
        voterNames.add("authenticatedVoter");
        voterNames.add("roleVoter");
        voterNames.add("webExpressionVoter");
        voterNames.add("closureVoter");
        logoutHandlerNames.clear();
        logoutHandlerNames.add("rememberMeServices");
        logoutHandlerNames.add("securityContextLogoutHandler");
        providerNames.clear();
        providerNames.add("daoAuthenticationProvider");
        providerNames.add("anonymousAuthenticationProvider");
        providerNames.add("rememberMeAuthenticationProvider");
        orderedFilters.clear();
        configuredOrderedFilters.clear();
        afterInvocationManagerProviderNames.clear();
    }
}
